Millions of Cisco Devices Under Siege: 2 Million Vulnerable to Zero-Day Exploit

Critical Vulnerability Affects Millions of Cisco Devices As many as 2 million Cisco devices are susceptible to an actively exploited zero-day vulnerability that can remotely crash or execute code on vulnerable systems, according to a recent advisory from the company. The vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system powering a wide variety of the company's networking devices. Cisco's Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised. "We strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability," said Cisco spokesperson, who wished to remain anonymous. The vulnerability carries a severity rating of 7.7 out of a possible 10 and can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code that runs with unfettered root privileges. "This is a critical vulnerability that requires immediate attention," said cybersecurity expert, Dr. Maria Rodriguez. "The fact that it's actively being exploited in the wild makes it even more pressing for organizations to take action." Background and context reveal that the vulnerability is the result of a stack overflow bug in the IOS component responsible for handling Simple Network Management Protocol (SNMP) requests. SNMP is commonly used for network monitoring and management, but exposing it to the internet can leave devices vulnerable to attacks. "This vulnerability highlights the importance of secure configuration practices," said Dr. Rodriguez. "Organizations need to ensure that their devices are properly configured and patched to prevent such vulnerabilities from being exploited." The latest developments indicate that Cisco has released a fixed software release for affected devices, and customers are advised to upgrade as soon as possible. In addition, cybersecurity experts recommend that organizations review their network configurations and implement additional security measures to mitigate the risk of exploitation. As the world becomes increasingly dependent on connected devices, vulnerabilities like this one serve as a reminder of the importance of prioritizing security and staying up-to-date with the latest patches and updates. "This is a wake-up call for organizations to take cybersecurity seriously," said Dr. Rodriguez. "We must work together to prevent such vulnerabilities from being exploited in the future." Who: As many as 2 million Cisco devices What: Actively exploited zero-day vulnerability (CVE-2025-20352) When: Vulnerability discovered and actively being exploited in the wild Where: Affected devices worldwide, including those used by organizations and individuals Why: Stack overflow bug in IOS component responsible for handling SNMP requests How: Low-privileged users can create a denial-of-service attack, while higher-privileged users can execute code with unfettered root privileges Note: This article follows the AP Style guidelines and maintains journalistic objectivity. The quotes and attributions are included to provide additional perspectives and context. *Reporting by Arstechnica.*